Kategoria: IoT Security

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here:https://github.com/geo93033/u. In the header(s) you can find some credentials: Xmpp: [email protected] Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: …

While doing some investigations for one of our clients, we came across a (new) malware strain. After some quick investigations, we found out 2 sources (both in C++, a client and a server). They are signed with: // Client.c Made By @Gr1n1337 – // DeepWeb Fourms User Name – Gr1n …

Impossible? Not really. Of course, some of the problems that might appear are: How do you pair the device with the „right” firmware? How do you rebuild the malware-infected firmware?

But the most important question: doesn’t the device (or the manufacturer) use a rather strong security mechanism to certify that the firmware is indeed legit? If it does, maybe it’s time to update it. If not… well, trouble ahead!

Anyway, it’s not really a case of „trash the device”, rather a case of painfully (and costly) ways to identify and disinfect it.

But… does this look like the dawn of ransomware-vulnerable-devices? Yes, sure it does. Just wait for it… or better not, and be prepared.

Our RTT solution helps companies retaliate if attacked by vulnerable / infected IoT devices. Still in Beta, but you can get a glimpse of it at any time. Just e-mail us at [email protected] for more details.

During August 2016, we came across several devices that were infected with a new malware that we couldn’t identify – for now. It resides in a read-write partition of some CCTV devices (most partitions on these devices are read-only), in a folder called .anime under the name .kami. It seems the attack used hard-coded telnet credentials and then downloaded the now-unknown malware(or maybe created the file via „echo” commands).

We failed to identify it, since it’s truncated – the final file seems to be bigger than the partition it was created on (mounted as /mnt/mtd).